Cybersecurity Weekly: Record bug bounty payouts, new phishing attacks, smartphone fingerprint hack

November 12, 2019 by Sam Fay

Bug bounty platform Bugcrowd breaks weekly payout record with over $500,000. Paypal upsets Microsoft as phishers’ favorite brand for the first time in over a year. Hackers unlock smartphones in under 20 minutes by photographing fingerprints on glass. All this, and more, in this week’s edition of Cybersecurity Weekly.

1. Bugcrowd paid out over $500,000 in bounties in one week

In October, Bugcrowd paid out $1.6 million to over 500 white hat hackers from around the world. Collectively, they reported a total of 6,500 vulnerabilities in products belonging to companies using the platform. More than $513,000 in payouts were made just last week — a record in a 7-day period for Bugcrowd since it launched in 2011.
Read more »

2. Cybersecurity workforce skills gap rises to over 4 million

According to a recent study by (ISC)2, the estimated current cybersecurity workforce is 2.8 million professionals, while the amount of additional trained staff needed to close the skills gap is 4.1 million professionals. The study also shows that cybersecurity and IT professionals are largely satisfied in their careers and optimistic about their futures.
Read more »

3. PayPal upsets Microsoft as phishers’ favorite brand

PayPal was the most frequently spoofed brand in the third quarter of 2019, unseating Microsoft for the first time in over a year. Phishing campaigns have capitalized on PayPal’s popularity. One discovered by Vade researchers targeted more than 700,000 people, primarily located in Europe, with emails threatening legal action and requesting a small payment.
Read more »

4. Hackers can attack smart home devices with lasers

Hackers can shine lasers at your Google Assistant or Amazon Alexa devices to gain control of them, send commands to the smart assistants and obtain your account information. Researchers proved this by using lasers to inject malicious commands into voice-controlled devices like smart speakers, tablets and phones.
Read more »

5. Long-anticipated “BlueKeep” cyberattacks on Microsoft devices have begun

After much speculation about the potential of a BlueKeep exploit attack, one has finally been observed in the wild — though its impact so far has been significantly lower than once feared. If exploited, BlueKeep can allow hackers to remotely execute arbitrary code, leaving Microsoft users vulnerable to attack.
Read more »

6. Amazon’s Ring Video Doorbell lets attackers steal Wi-Fi passwords

Security researchers at Bitdefender have discovered a high-severity vulnerability in Amazon’s Ring Video Doorbell Pro devices. This could allow nearby attackers to steal Wi-Fi passwords and launch a variety of Man-in-the-Middle cyberattacks against other smart devices connected to the victim’s home network.
Read more »

7. Thousands of NordVPN user passwords leaked online

Just weeks after the company revealed it was breached, thousands of NordVPN users have now fallen victim to credential-stuffing attacks that allow unauthorized users to access their accounts. Credentials for NordVPN users, including email addresses, plaintext passwords and expiration dates, were found on online forums.
Read more »

8. Study: Ransomware, data breaches at hospitals tied to uptick in fatal heart attacks

Hospitals hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months because of remediation efforts, a new study claims. Health industry experts say the findings prompt a larger review of how security may be impacting patient outcomes.
Read more »

9. Experts hacked Samsung Galaxy S10 and Xiaomi Mi9 phones at Pwn2Own Tokyo

On the second day of the Pwn2Own Tokyo 2019 hacking contest, whitehat hackers received a total of $120,000 for finding exploits against the Samsung Galaxy S10, Xiaomi Mi9 and TP-Link AC1750 routers. The flaws have been reported to the impacted vendors, and the ZDI organization will give them 90 days to address the issues before disclosing them.
Read more »

10. Hackers can unlock any phone in 20 minutes using photographed fingerprints

Hackers working for a Chinese security company claim they have developed a method to photograph a fingerprint on any glass surface and use it to unlock any smartphone in just 20 minutes. After processing the photo, the processed fingerprint was used to unlock three smartphones, all with different fingerprint reader technology.
Read more »

Posted: November 12, 2019
Sam Fay
View Profile